Hertz Just Suffered a Major Data Breach.
Warning: If you rented a car from Hertz, your information may have been compromised in a data breach. While Hertz itself was not attacked, sensitive data was leaked from affected customers, including, in some cases, Social Security numbers.
What happened to Hertz?
Hertz posted a “Data Incident Notice” on its website this week, informing customers of a 2024 episode involving Cleo Communications. Cleo operates a file transfer platform that Hertz uses for “limited purposes.” Despite these limited targets, Hertz confirmed that attackers exploited zero-day vulnerabilities in the Cleo network and gained access to Hertz customer data. It appears that the actors had access to this data in both October and December last year.
After reviewing the affected data on April 2, Hertz reports that the following user data was affected in this breach: customer names, contact information, dates of birth, credit card information, driver’s license information, and workers’ compensation claims data. In some cases, subjects gained access to even more sensitive data, including government identification numbers (including Social Security numbers), passport information, Medicare and Medicaid identifiers, and injury information through motor vehicle accident claims. Hertz says this last category of information only affects a “very small number of people,” but it is nonetheless a serious violation.
Hertz says it has reported the situation to law enforcement and is also contacting regulators. The company says Cleo has launched an investigation and has fixed the security flaws that led to the hack in the first place, although that likely won’t bring much comfort to affected customers.
According to TechCrunch , Hertz has contacted several US states, particularly California and Maine, regarding the data incident. The company said at least 3,400 customers in Maine were affected by the hack, but did not say the total number of customers affected. It looks like the data leak is affecting users around the world as well. In addition to the US, Hertz posted its announcement on its websites in Australia, Canada, EU, New Zealand and the UK.
What should I do if my Hertz data has been hacked?
Hertz says this user data was not used for fraud, but that doesn’t mean it won’t happen. Attackers could use the information leaked from this hack to steal your identity, open bank accounts, and obtain credit cards and loans in your name. Therefore, you should take steps to protect your identity.
The company is offering affected customers two years of free Kroll identity monitoring and darknet monitoring . Take the offer: A service like Kroll will keep an eye out for any fraud involving your data and help protect you from the consequences.
While Kroll will do most of the work for you, there is more you can do here to protect yourself. To get started, you can get a free credit report from Equifax , Experian andTransUnion once a year. Since each is independent, you can send queries one at a time to effectively check your full credit once every four months. If you were involved in this security incident (or any other similar one), you may also want to freeze your credit to ensure that no one can access your report for any reason.